-
Notifications
You must be signed in to change notification settings - Fork 285
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cluster failed to start with 2.18 RC5 docker image #4860
Comments
@ruanyl I wasn't able to reproduce with RC5 docker image listed here. Expand to see docker-compose.yml I usedversion: '3'
services:
opensearch-node1:
image: opensearchstaging/opensearch:2.18.0.10466
container_name: opensearch-node1
environment:
- cluster.name=opensearch-cluster
- node.name=opensearch-node1
- discovery.seed_hosts=opensearch-node1,opensearch-node2
- cluster.initial_cluster_manager_nodes=opensearch-node1,opensearch-node2
- bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
# - "plugins.security.disabled=true"
- "OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_INITIAL_ADMIN_PASSWORD}"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems
hard: 65536
ports:
- 9200:9200
- 9600:9600 # required for Performance Analyzer
networks:
- opensearch-net
opensearch-node2:
image: opensearchstaging/opensearch:2.18.0.10466
container_name: opensearch-node2
environment:
- cluster.name=opensearch-cluster
- node.name=opensearch-node2
- discovery.seed_hosts=opensearch-node1,opensearch-node2
- cluster.initial_cluster_manager_nodes=opensearch-node1,opensearch-node2
- bootstrap.memory_lock=true
- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
# - "plugins.security.disabled=true"
- "OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_INITIAL_ADMIN_PASSWORD}"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
networks:
- opensearch-net
opensearch-dashboards:
image: opensearchstaging/opensearch-dashboards:2.18.0.8047
container_name: opensearch-dashboards
ports:
- 5601:5601
expose:
- "5601"
environment:
OPENSEARCH_HOSTS: '["https://opensearch-node1:9200","https://opensearch-node2:9200"]'
networks:
- opensearch-net
networks:
opensearch-net: |
This indicates that your self-signed certificates have expired could you please generate new ones. Closing this as it is not an issue. |
The expired certificate was in the file in the settings
You can quickly check everything through while openssl x509 -noout -text; do:; done < root-ca.pem | grep After Then find which ones have expired and delete PEM section from the file remove block of expired certificate from root-ca.pem
find the block you need and remove it from the file The real problem is that the log does not indicate which certificate has expired; you have to look for it manually. The problem started with the fact that the validator added a check for trusted certificates, which is generally unnecessary |
Using self-signed certificates, working fine for 2.17, but when creating cluster with 2.18 RC5 docker image, the cluster failed to start with the following error, am I missing anything?
The text was updated successfully, but these errors were encountered: